Filet-O-Phish - Thieves target McDonald's

Filed Under: Phishing, Spam


I ran across an interesting and improbable phish today while looking through our spam feeds.

The attackers in this case decided that enough people in the world eat at McDonald's that it was worth having a go at convincing people to fill out a survey with the lure of a $90 credit for their participation.

The text of the email reads:

Dear customer, Please give us only 5 minutes of your valuable time to ask you some questions about our products . Please be aware that we will not ask you about any personal information. In return, we will credit $90.00 to your account - just for your time. If you want to answer our simply 8 questions , please click the link below : http://mail.CENSORED/index.html Thank you for helping us to become better . Sincerely, McDonald's Survey Department. Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

Screenshot of email phish against McDonald's customers

You can see from the screenshot that the default character set is set to Cyrillic, which is more than a little strange for an email in English. The entire lure is a bit unlikely, but for every scam, there seems to be a fool who falls for it.
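The charset mismatch noted above can be turned into a simple mail-filter heuristic. The following is an added example, not code from the original post; the list of Cyrillic charsets, the 5% threshold and both sample messages are constructed assumptions (the post does not say which Cyrillic charset the phish declared).

```python
import email
from email import policy

# Charsets commonly used for Cyrillic text (this selection is an assumption).
CYRILLIC_CHARSETS = {"koi8-r", "koi8-u", "windows-1251", "cp1251", "iso-8859-5"}

def cyrillic_ratio(text):
    """Fraction of alphabetic characters that fall in the Cyrillic block."""
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return 0.0
    return sum("\u0400" <= c <= "\u04ff" for c in letters) / len(letters)

def charset_mismatches(raw_bytes, threshold=0.05):
    """Return (declared charset, Cyrillic ratio) for every text part that
    declares a Cyrillic charset but contains almost no Cyrillic letters."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        charset = (part.get_content_charset() or "").lower()
        if charset not in CYRILLIC_CHARSETS:
            continue
        payload = part.get_payload(decode=True) or b""
        ratio = cyrillic_ratio(payload.decode(charset, errors="replace"))
        if ratio < threshold:
            findings.append((charset, ratio))
    return findings

# Constructed sample: English body sent with a Cyrillic charset header.
SAMPLE_PHISH = (
    b"From: survey@example.invalid\r\nSubject: Customer survey\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/plain; charset="koi8-r"\r\n'
    b"Content-Transfer-Encoding: 8bit\r\n\r\n"
    b"Dear customer, Please give us only 5 minutes of your valuable time.\r\n"
)
# Constructed sample: genuine Russian text, where the same header is expected.
SAMPLE_LEGIT = (
    b"From: shop@example.invalid\r\nSubject: Order\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/plain; charset="koi8-r"\r\n'
    b"Content-Transfer-Encoding: 8bit\r\n\r\n"
    + "Здравствуйте, спасибо за ваш заказ.\r\n".encode("koi8-r")
)

if __name__ == "__main__":
    print(charset_mismatches(SAMPLE_PHISH))
    print(charset_mismatches(SAMPLE_LEGIT))
```

Treat a hit as one scoring signal among several, since a mail client with a Cyrillic default can send legitimate English mail with the same header.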

The website the email links to puts on a good show of quizzing you about your favorite McDonald's foods, drinks, etc.

McDonald's phish survey

McDonald's phish for credit card

Their coding could use some work, though, as every section of the web page has the error "[an error occurred while processing this directive]."

Once you fill out this moderately broken survey you are delivered to the phish itself.

As in other phishes I have blogged about, the scammers not only want your name, address and birthday, but also your driver's license, credit card and CVV.

I am always surprised that people think they can win $90 in a survey or that they may have won 3 million pounds in a UK lottery they never entered.

And doesn't anyone wonder how on earth McDonald's or the UK lottery got their email address in the first place?

Sophos customers are protected against these emails, and as always please think before you click.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on as Chester, Chester Wisniewski on Google Plus or send him an email at